Auto-Update: 2023-12-08T00:55:17.805304+00:00

2025-05-08 11:37:26 +00:00 · 2023-12-08 00:55:21 +00:00 · 2023-12-08 00:55:21 +00:00 · 141edeeb92
commit 141edeeb92
parent fa711fac67
9 changed files with 311 additions and 55 deletions
--- a/CVE-2011/CVE-2011-04xx/CVE-2011-0448.json
+++ b/CVE-2011/CVE-2011-04xx/CVE-2011-0448.json
@ -2,8 +2,8 @@
  "id": "CVE-2011-0448",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2011-02-21T18:00:01.287",
-  "lastModified": "2019-08-08T15:41:32.003",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-12-07T23:15:07.083",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -142,6 +142,13 @@
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html",
      "source": "cve@mitre.org"
    },
+    {
+      "url": "http://secunia.com/advisories/43278",
+      "source": "cve@mitre.org",
+      "tags": [
+        "Vendor Advisory"
+      ]
+    },
    {
      "url": "http://securitytracker.com/id?1025063",
      "source": "cve@mitre.org"
@ -156,6 +163,10 @@
    {
      "url": "http://www.vupen.com/english/advisories/2011/0877",
      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474",
+      "source": "cve@mitre.org"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-41xx/CVE-2023-4122.json
+++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4122.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-4122",
+  "sourceIdentifier": "help@fluidattacks.com",
+  "published": "2023-12-07T23:15:07.277",
+  "lastModified": "2023-12-07T23:15:07.277",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "help@fluidattacks.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.9,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "help@fluidattacks.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fluidattacks.com/advisories/rubinstein/",
+      "source": "help@fluidattacks.com"
+    },
+    {
+      "url": "https://www.kashipara.com/",
+      "source": "help@fluidattacks.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45849.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45849.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-45849",
  "sourceIdentifier": "security@puppet.com",
  "published": "2023-11-08T16:15:10.193",
-  "lastModified": "2023-11-15T20:15:38.037",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-12-08T00:15:07.350",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -41,19 +41,19 @@
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
-          "privilegesRequired": "LOW",
+          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
-          "baseScore": 8.5,
-          "baseSeverity": "HIGH"
+          "baseScore": 9.0,
+          "baseSeverity": "CRITICAL"
        },
-        "exploitabilityScore": 1.8,
+        "exploitabilityScore": 2.2,
        "impactScore": 6.0
      }
    ]
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5008.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5008.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-5008",
+  "sourceIdentifier": "help@fluidattacks.com",
+  "published": "2023-12-08T00:15:07.597",
+  "lastModified": "2023-12-08T00:15:07.597",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "help@fluidattacks.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "help@fluidattacks.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fluidattacks.com/advisories/blechacz/",
+      "source": "help@fluidattacks.com"
+    },
+    {
+      "url": "https://www.kashipara.com/",
+      "source": "help@fluidattacks.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5058.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5058.json
@ -0,0 +1,36 @@
+{
+  "id": "CVE-2023-5058",
+  "sourceIdentifier": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
+  "published": "2023-12-07T23:15:07.490",
+  "lastModified": "2023-12-07T23:15:07.490",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.phoenix.com/security-notifications/",
+      "source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de"
+    },
+    {
+      "url": "https://www.phoenix.com/security-notifications/cve-2023-5058/",
+      "source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-58xx/CVE-2023-5808.json
+++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5808.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-5808",
  "sourceIdentifier": "security.vulnerabilities@hitachivantara.com",
  "published": "2023-12-05T00:15:09.840",
-  "lastModified": "2023-12-07T21:15:08.113",
+  "lastModified": "2023-12-07T23:15:07.580",
  "vulnStatus": "Undergoing Analysis",
  "descriptions": [
    {
@ -21,20 +21,20 @@
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
-          "confidentialityImpact": "LOW",
+          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW",
-          "baseScore": 6.3,
-          "baseSeverity": "MEDIUM"
+          "baseScore": 7.6,
+          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
-        "impactScore": 3.4
+        "impactScore": 4.7
      }
    ]
  },
--- a/CVE-2023/CVE-2023-60xx/CVE-2023-6061.json
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6061.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-6061",
+  "sourceIdentifier": "psirt@paloaltonetworks.com",
+  "published": "2023-12-08T00:15:07.853",
+  "lastModified": "2023-12-08T00:15:07.853",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are:\n  *  MMXFax.exe  *  winfax.dll\n\n\n\n\n  *  MelSim2ComProc.exe\n  *  Sim2ComProc.dll\n\n\n\n\n  *  MMXCall_in.exe  *  libdxxmt.dll\n  *  libsrlmt.dll\n\n\n\n\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@paloaltonetworks.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.6,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.3,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@paloaltonetworks.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-426"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-427"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gist.github.com/AsherDLL/abdd2334ac8872999d73ba7b20328c21",
+      "source": "psirt@paloaltonetworks.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6599.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6599.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-6599",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2023-12-08T00:15:08.113",
+  "lastModified": "2023-12-08T00:15:08.113",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.1,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-544"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/microweber/microweber/commit/f7eb9e1c6e801346f07f3b0164a01ac5f2ca5cfd",
+      "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://huntr.com/bounties/6198785c-bf60-422e-9b80-68a6e658a10e",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-12-07T23:00:17.963459+00:00
+2023-12-08T00:55:17.805304+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-12-07T22:15:08.770000+00:00
+2023-12-08T00:15:08.113000+00:00
 ```

 ### Last Data Feed Release
@ -29,54 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-232563
+232568
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `10`
+Recently added CVEs: `5`

-* [CVE-2023-35618](CVE-2023/CVE-2023-356xx/CVE-2023-35618.json) (`2023-12-07T21:15:07.450`)
-* [CVE-2023-36880](CVE-2023/CVE-2023-368xx/CVE-2023-36880.json) (`2023-12-07T21:15:07.640`)
-* [CVE-2023-38174](CVE-2023/CVE-2023-381xx/CVE-2023-38174.json) (`2023-12-07T21:15:07.840`)
-* [CVE-2023-6576](CVE-2023/CVE-2023-65xx/CVE-2023-6576.json) (`2023-12-07T21:15:08.387`)
-* [CVE-2023-6577](CVE-2023/CVE-2023-65xx/CVE-2023-6577.json) (`2023-12-07T21:15:08.620`)
-* [CVE-2023-6578](CVE-2023/CVE-2023-65xx/CVE-2023-6578.json) (`2023-12-07T21:15:08.863`)
-* [CVE-2023-46693](CVE-2023/CVE-2023-466xx/CVE-2023-46693.json) (`2023-12-07T22:15:08.250`)
-* [CVE-2023-6579](CVE-2023/CVE-2023-65xx/CVE-2023-6579.json) (`2023-12-07T22:15:08.300`)
-* [CVE-2023-6580](CVE-2023/CVE-2023-65xx/CVE-2023-6580.json) (`2023-12-07T22:15:08.533`)
-* [CVE-2023-6581](CVE-2023/CVE-2023-65xx/CVE-2023-6581.json) (`2023-12-07T22:15:08.770`)
+* [CVE-2023-4122](CVE-2023/CVE-2023-41xx/CVE-2023-4122.json) (`2023-12-07T23:15:07.277`)
+* [CVE-2023-5058](CVE-2023/CVE-2023-50xx/CVE-2023-5058.json) (`2023-12-07T23:15:07.490`)
+* [CVE-2023-5008](CVE-2023/CVE-2023-50xx/CVE-2023-5008.json) (`2023-12-08T00:15:07.597`)
+* [CVE-2023-6061](CVE-2023/CVE-2023-60xx/CVE-2023-6061.json) (`2023-12-08T00:15:07.853`)
+* [CVE-2023-6599](CVE-2023/CVE-2023-65xx/CVE-2023-6599.json) (`2023-12-08T00:15:08.113`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `29`
+Recently modified CVEs: `3`

-* [CVE-2020-35857](CVE-2020/CVE-2020-358xx/CVE-2020-35857.json) (`2023-12-07T22:15:07.800`)
-* [CVE-2021-31542](CVE-2021/CVE-2021-315xx/CVE-2021-31542.json) (`2023-12-07T22:15:07.903`)
-* [CVE-2021-33571](CVE-2021/CVE-2021-335xx/CVE-2021-33571.json) (`2023-12-07T22:15:08.010`)
-* [CVE-2021-43114](CVE-2021/CVE-2021-431xx/CVE-2021-43114.json) (`2023-12-07T22:15:08.117`)
-* [CVE-2023-47124](CVE-2023/CVE-2023-471xx/CVE-2023-47124.json) (`2023-12-07T21:01:24.967`)
-* [CVE-2023-47106](CVE-2023/CVE-2023-471xx/CVE-2023-47106.json) (`2023-12-07T21:01:57.647`)
-* [CVE-2023-48967](CVE-2023/CVE-2023-489xx/CVE-2023-48967.json) (`2023-12-07T21:02:05.883`)
-* [CVE-2023-48910](CVE-2023/CVE-2023-489xx/CVE-2023-48910.json) (`2023-12-07T21:02:12.637`)
-* [CVE-2023-48966](CVE-2023/CVE-2023-489xx/CVE-2023-48966.json) (`2023-12-07T21:02:19.613`)
-* [CVE-2023-48965](CVE-2023/CVE-2023-489xx/CVE-2023-48965.json) (`2023-12-07T21:02:33.467`)
-* [CVE-2023-5768](CVE-2023/CVE-2023-57xx/CVE-2023-5768.json) (`2023-12-07T21:02:40.177`)
-* [CVE-2023-49460](CVE-2023/CVE-2023-494xx/CVE-2023-49460.json) (`2023-12-07T21:05:53.917`)
-* [CVE-2023-49462](CVE-2023/CVE-2023-494xx/CVE-2023-49462.json) (`2023-12-07T21:05:53.917`)
-* [CVE-2023-49463](CVE-2023/CVE-2023-494xx/CVE-2023-49463.json) (`2023-12-07T21:05:53.917`)
-* [CVE-2023-49464](CVE-2023/CVE-2023-494xx/CVE-2023-49464.json) (`2023-12-07T21:05:53.917`)
-* [CVE-2023-49465](CVE-2023/CVE-2023-494xx/CVE-2023-49465.json) (`2023-12-07T21:05:53.917`)
-* [CVE-2023-49467](CVE-2023/CVE-2023-494xx/CVE-2023-49467.json) (`2023-12-07T21:05:53.917`)
-* [CVE-2023-49468](CVE-2023/CVE-2023-494xx/CVE-2023-49468.json) (`2023-12-07T21:05:53.917`)
-* [CVE-2023-4486](CVE-2023/CVE-2023-44xx/CVE-2023-4486.json) (`2023-12-07T21:05:53.917`)
-* [CVE-2023-6574](CVE-2023/CVE-2023-65xx/CVE-2023-6574.json) (`2023-12-07T21:05:53.917`)
-* [CVE-2023-6575](CVE-2023/CVE-2023-65xx/CVE-2023-6575.json) (`2023-12-07T21:05:53.917`)
-* [CVE-2023-41613](CVE-2023/CVE-2023-416xx/CVE-2023-41613.json) (`2023-12-07T21:08:08.163`)
-* [CVE-2023-50164](CVE-2023/CVE-2023-501xx/CVE-2023-50164.json) (`2023-12-07T21:15:08.017`)
-* [CVE-2023-5808](CVE-2023/CVE-2023-58xx/CVE-2023-5808.json) (`2023-12-07T21:15:08.113`)
-* [CVE-2023-48815](CVE-2023/CVE-2023-488xx/CVE-2023-48815.json) (`2023-12-07T21:16:04.267`)
+* [CVE-2011-0448](CVE-2011/CVE-2011-04xx/CVE-2011-0448.json) (`2023-12-07T23:15:07.083`)
+* [CVE-2023-5808](CVE-2023/CVE-2023-58xx/CVE-2023-5808.json) (`2023-12-07T23:15:07.580`)
+* [CVE-2023-45849](CVE-2023/CVE-2023-458xx/CVE-2023-45849.json) (`2023-12-08T00:15:07.350`)


 ## Download and Usage